Art Unit: 2161

DETAILED ACTION 

1. This Office action is responsive to the following communication: Request for Continued 
Examination filed on 20 November 2006. 

2. Claims 1-4, 6-13, 15-20, 39-42, 44-51, and 53-58 are pending and present for examination. 
Claims 1, 10, 18, 39, 48, and 56 are independent. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 20 November 2006 has been entered. 



Response to Amendment 

4. Claims 1, 10, 18, 39, 48, and 56 have been amended. 

5. Claims 5, 14, 21-38, 43, 52, and 59 have been cancelled. 

6. No claims have been added. 

Claim Objections 

7. Claim 1 is objected to because of the following informalities:

a. Claim 1 recites an "Operation System" in line 15 of the claim. It is believed this is a
typographical error and was intended to recite "Operating System." Accordingly, said recitation 
has been treated as such for the remainder of this Office action. Appropriate correction is 
required. 
Claim Rejections - 35 USC § 101

8. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

9. Claims 1-4, 6-9, 10-13, 15-17, and 56-58 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to non-statutory subject matter. 

Accordingly, both the apparatus and method claims may be considered to be software, per se,
since both claims fail to be integrated into a computer hardware system for execution. Therefore, since
the claims simply recite sections and steps of implementation, said claims constitute
non-statutory subject matter since they fail to fall within a statutory category.

Additionally, Claims 6-7 and 15-16 recite the limitations wherein the user is granted the privilege of
performing the resource operation "only if the permission bit allows the operation." The aforementioned
claim language provides for optional language wherein if said permission bit disallows the operation, the 
resource operation is not performed. Hence, the method would therein produce no "useful, concrete, 
and tangible result" in that the electronic document is not expanded. See State Street, 149 F.3d at 1373, 
47 USPQ2d at 1601-02. MPEP 2106. "The claimed invention as a whole must accomplish a practical 
application. That is, it must produce a 'useful, concrete and tangible result' " (emphasis added). The 
Examiner further notes that a plurality of the remaining claims contain optional language by reciting "if"
statements (e.g. claims 44, 45, etc.).

Claim Rejections - 35 USC § 103

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 
11. Claims 1-4, 7-11, 13, 16-17, 18-20, 39-42, 45-49, 51 and 54-58 are rejected under 35 U.S.C.
103(a) as being unpatentable over Indicula et al (U.S. Patent No. 6,950,822, hereinafter referred to as
INDICULA), filed on 25 November 2002, and issued on 27 September 2005, in view of Deinhart et al
(U.S. Patent No. 5,911,143, hereinafter referred to as DEINHART), filed on 14 August 1995, and issued
on 8 June 1999.

12. As per claims 1, 10, 18, 39, 48 and 56, INDICULA, in combination with DEINHART, discloses: 

A method for controlling access to a resource, the method comprising the steps of: 

creating and storing in a filesystem of an Operating System a file that represents the
resource {See IDICULA, C4:L42-56, wherein this reads over "session objects 122, one or more 
process state objects 130a, 130b, collectively referenced hereinafter as process state objects 130, 
and a session pool object 140. In object-oriented technologies, an object is a data structure that 
stores data that indicates one or more attributes or methods or both"}; 

receiving user-identifying information from a user requesting access to the resource,
wherein the user-identifying information comprises a role associated with the
user {See IDICULA, C5:L11-13, wherein this reads over "user information that indicates a user of
the associated connection, the user's roles, and the user's privileges, among other information about
the user"}, wherein the role is determined from a user identifier uniquely
associated with the user and from a group identifier associated with a group that 
includes the user {See DEINHART, C1:L31-36, wherein this reads over "[i]n most of the installed 
computer systems access rights are granted or revoked explicitly for individual users or group of 
users on respective data or, more generally, on respective objects by a system administrator"}; 



receiving a resource identifier associated with the resource {See IDICULA, C7:L19-35,
wherein this reads over "[i]f a session is already created for this client, a session object 122
associated with the client is indicated in the process state object 130"}; 

creating an access identifier based on the user-identifying information and the 
resource identifier, wherein the access identifier is formatted as a file attribute 
that is used by the Operating System to manage file access {See IDICULA, C4:L42-56,
wherein this reads over "session objects 122, one or more process state objects 130a, 130b,
collectively referenced hereinafter as process state objects 130, and a session pool object 140. In
object-oriented technologies, an object is a data structure that stores data that indicates one or more
attributes or methods or both"};



calling the Operating System to perform a file operation on the file by providing the 
access identifier to the Operation System to attempt access to the file {See
IDICULA, C1:L52-62, wherein this reads over "[a] session is a related series of one or more requests
for services made over a communication channel. The channel is typically established by the
operating system of the host for the database server"; and C7:L19-30, wherein this reads over "[i]f a
session is already created for this client, a session object 122 associate with the client is indicated in
the process state object 130; and that session object 122 is used"}; and



granting the user access to the resource when the Operating System call successfully 
performs the file operation {See IDICULA, C7:L20-21, wherein this reads over "a request is
received from database client 102a for database services"}; 
wherein the file operation on the file representing the resource is selected from a
group consisting of opening the file, closing the file, deleting the file, reading
from the file, writing to the file, executing the file, appending to the file, reading
a file attribute, and writing a file attribute {See IDICULA, C7:L19-30, wherein this reads
over "[i]f a session is already created for this client, a session object 122 associate with the client is
indicated in the process state object 130; and that session object 122 is used"}.

While INDICULA fails to expressly disclose the determination of a role "from a user
identifier uniquely associated with the user and from a group identifier associated with a group that
includes the user," DEINHART discloses the grant or revocation of access rights for "individual users or
group of users ... on respective objects." Therefore, it would have been obvious to one of ordinary skill
in the art at the time the invention was made to modify the above invention suggested by INDICULA by
combining it with the invention disclosed by DEINHART.

One of ordinary skill in the art would have been motivated to do this modification so that where a
user falls within a classified group of users (e.g. System Administrator or Guest), a user identifier may be
associated with the user accordingly.

13. As per dependent claims 2, 11, 19, 40, 49 and 57, it would be inherent for the role 
identifier and resource identifier to be stored in a first and second set of bits, respectively, since files are 
comprised of a sequence of bits. 

14. As per dependent claims 3, 20, 41 and 58, INDICULA, in combination with DEINHART, 
discloses: 

A method as recited in Claim 1, wherein: 

the step of creating an access identifier based on the user-identifying information 
and the resource identifier comprises formatting the access identifier as a group
identifier file attribute {See DEINHART, C1:L31-36, wherein this reads over "[i]n most of the
installed computer systems access rights are granted or revoked explicitly for individual users or
group of users on respective data or, more generally, on respective objects by a system
administrator"}; and

the step of calling the Operating System to perform an operation on the file 
representing the resource comprises: 

assigning the access identifier to a group identifier attribute of an Operating 
System process {See IDICULA, C4:L42-56, wherein this reads over "session objects 122,
one or more process state objects 130a, 130b, collectively referenced hereinafter as process
state objects 130, and a session pool object 140. In object-oriented technologies, an object is a
data structure that stores data that indicates one or more attributes or methods or both"}; and

calling an Operating System routine from the Operating System process to
perform the operation on the file representing the resource {See IDICULA,
C1:L52-62, wherein this reads over "[a] session is a related series of one or more requests for
services made over a communication channel. The channel is typically established by the 
operating system of the host for the database server"; and C7:L19-30, wherein this reads over 
"[i]f a session is already created for this client, a session object 122 associate with the client is 
indicated in the process state object 130; and that session object 122 is used"}. 

15. As per dependent claims 4, 13, 42 and 51, INDICULA, in combination with DEINHART,
discloses: 

A method as recited in Claim 1, 

wherein the step of calling the Operating System to perform an operation on the file 
representing the resource comprises comparing the access identifier to an 
identifier included in an Access Control List file attribute associated with the file 
representing the resource {See DEINHART, C1:L31-41, wherein this reads over "[w]hen an 
access request occurs during operation time of the computer system from a user or, more generally, 
from a subject to the object, then the security system looks at the access control list of the respective 
object and decides whether the subject may access the object in the request manner"}, 

wherein the Access Control List file attribute includes the identifiers of all users and 
all groups of users allowed to access the file representing the resource {See 
DEINHART, C1:L31-36, wherein this reads over "[i]n most of the installed computer systems access
rights are granted or revoked explicitly for individual users or group of users on respective data or,
more generally, on respective objects by a system administrator"}.

16. As per dependent claims 7, 16, 45 and 54, the claim does not carry patentable weight since 
the claim recites the file operation of "opening the file representing the resource," which was optionally
recited in claims 1, 10, 18, 22, 31, 39, 48 and 56 (i.e. "wherein the file operation on the file representing 
the resource is selected from a group consisting of opening the file, closing the file, deleting the file, 
reading from the file, writing to the file, executing the file, appending to the file, reading a file attribute, 
and writing a file attribute"), upon which the said respective claims depend. Therefore, since the opening 
of the file is optional and not necessary to the claimed invention, the claim is rejected. 

17. As per dependent claims 8, 17, 46 and 55, INDICULA, in combination with DEINHART, 
discloses: 



A method as recited in Claim 1, wherein the step of representing the resource by a file 
stored in the Operating System filesystem comprises: 
creating the file representing the resource in the Operating System filesystem {See
IDICULA, C4:L42-56, wherein this reads over "session objects 122, one or more process state objects
130a, 130b, collectively referenced hereinafter as process state objects 130, and a session pool
object 140. In object-oriented technologies, an object is a data structure that stores data that
indicates one or more attributes or methods or both"}; and

assigning an access value to a file attribute of the file representing the resource, the
file attribute being used by the Operating System to manage file access {See
IDICULA, C4:L42-56, wherein this reads over "session objects 122, one or more process state objects
130a, 130b, collectively referenced hereinafter as process state objects 130, and a session pool
object 140. In object-oriented technologies, an object is a data structure that stores data that
indicates one or more attributes or methods or both"}, wherein the access value
corresponds to a combination of a role {See IDICULA, C5:L11-13, wherein this reads over
"user information that indicates a user of the associated connection, the user's roles, and the user's
privileges, among other information about the user"} and a resource {See IDICULA, C7:L19-35,
wherein this reads over "[i]f a session is already created for this client, a session object 122 
associated with the client is indicated in the process state object 130"}. 

18. As per dependent claims 9 and 47, INDICULA, in combination with DEINHART, discloses:



A method as recited in Claim 8, wherein the file attribute used by the Operating System 
to manage file access is a group identifier file attribute {See DEINHART, C1:L31-36, wherein
this reads over "[i]n most of the installed computer systems access rights are granted or revoked explicitly 
for individual users or group of users on respective data or, more generally, on respective objects by a 
system administrator"}. 

19. Claims 6, 12, 15, 44, 50 and 53 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Indicula et al, in view of Deinhart et al, and in further view of Lewis (U.S. Patent No. 6,233,576, 
hereinafter referred to as LEWIS), filed on 25 September 1995, and issued on 15 May 2001. 

20. As per dependent claims 6, 15, 44 and 53, INDICULA, in combination with DEINHART and 
LEWIS, discloses: 

A method as recited in Claim 1, the method further comprising the steps of: 

reading a permission bit associated with the file representing the resource, wherein 
the permission bit corresponds to the operation performable on the file 
representing the resource {See LEWIS, C14:L6-12, wherein this reads over "derive the
authorization file names and the permission bits (from the resource class and name), and to apply
the appropriate permissions"};

based on the operation on the file indicated by the permission bit, determining a
resource operation that is performable on the resource {See LEWIS, C16:L64-C17:L4,
wherein this reads over "[t]he resulting access rights consist of a three bit field with the following
meanings . . ."}; and 

granting the user the privilege of performing the resource operation on the resource 
{See DEINHART, C1:L31-41, wherein this reads over "[w]hen an access request occurs during 
operation time of the computer system from a user or, more generally, from a subject to the object, 
then the security system looks at the access control list of the respective object and decides whether 
the subject may access the object in the request manner"} only if the permission bit allows
the operation to be performed on the file representing the resource {See LEWIS,
C17:L5-9}.

While INDICULA and DEINHART fail to expressly disclose the use of permission bits in 
determining user privileges, LEWIS discloses the use of permission bits which signify Read, Write, or 
Execute authority. Therefore, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the above invention suggested by INDICULA and DEINHART by 
combining it with the invention disclosed by LEWIS. 

One of ordinary skill in the art would have been motivated to do this modification so that files 
may contain permission bits which allow users the permission to certain operations on the file. 

21. Claims 6, 12, 15, 44, 50 and 53 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Indicula et al, in view of Deinhart et al, and in further view of Official Notice. 

22. As per dependent claims 12 and 50, INDICULA, in combination with DEINHART and Official 
Notice, discloses: 

A method as recited in Claim 10, wherein the step of making an Operating System call to 
perform an operation on the file representing the resource comprises: 

storing the group identifier value of a group identifier attribute of an Operating
System process {See DEINHART, C1:L31-36, wherein this reads over "[i]n most of the installed
computer systems access rights are granted or revoked explicitly for individual users or group of
users on respective data or, more generally, on respective objects by a system administrator"};

assigning the access identifier to the group identifier attribute of the Operating
System process {See IDICULA, C4:L42-56, wherein this reads over "session objects 122, one or
more process state objects 130a, 130b, collectively referenced hereinafter as process state objects 
130, and a session pool object 140. In object-oriented technologies, an object is a data structure 
that stores data that indicates one or more attributes or methods or both"}; 

calling an Operating System routine from the Operating System process to perform 
the operation on the file representing the resource {See IDICULA, C1:L52-62, wherein
this reads over "[a] session is a related series of one or more requests for services made over a
communication channel. The channel is typically established by the operating system of the host for
the database server"; and C7:L19-30, wherein this reads over "[i]f a session is already created for
this client, a session object 122 associate with the client is indicated in the process state object 130;
and that session object 122 is used"}, wherein the operation on the file representing the
resource is performed only if the value of the group identifier attribute of the 
Operating System process matches the value of the group identifier file attribute 
of the file representing the resource {See IDICULA, C7:L20-21, wherein this reads over "a 
request is received from database client 102a for database services"}; and 
resetting the group identifier attribute of the Operating System process to the stored
group identifier value {See Official Notice}. 



The Examiner takes Official Notice that it would have been obvious to one of ordinary skill in the
art at the time the invention was made to reset the group identifier attribute of the Operating System
process to the stored group identifier value. That is, where a group identifier is set, it would have been
obvious to one of ordinary skill in the art to have the capability to reset said group identifier attribute 
accordingly. 



Response to Arguments

23. Applicant's arguments with respect to claims 1-21 and 39-59 have been considered but are moot
in view of the new ground(s) of rejection.

Conclusion

24. Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Paul Kim whose telephone number is (571) 272-2737. The examiner can normally be
reached on M-F, 9am - 5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Apu
Mofiz can be reached on (571) 272-4080. The fax phone number for the organization where this
application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained from
either Private PAIR or Public PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Paul Kim 

Patent Examiner, Art Unit 2161 




SAM RIMELL 
PRIMARY EXAMINER 



